# BLADE-AV Governance Node Project Guide **© 2026 Burak Oktenli • Georgetown University • MPS Applied Intelligence • ORCID 0009-0001-8573-1667** **DOI: 10.5281/zenodo.19232130 • License: Creative Commons Attribution 4.0 International (CC BY 4.0)** --- ## Overview The BLADE-AV Governance Node is a rugged, liquid-cooled, and safety-certified embedded system designed for autonomous vehicle control and secure V2X communication. It features hardware-enforced authority gating via a Zynq FPGA, redundant GNSS/IMU, comprehensive sensor integration, and fail-safe manual control, all housed in an IP67 enclosure for automotive-grade reliability and ISO 26262 compliance. ## Assumptions * **Power Source:** Stable 12V-24V automotive battery input available. * **Environment:** Automotive operating temperatures (−40°C to +85°C), high vibration, IP67 dust/water resistance; ISO 26262 functional safety compliance required. * **Skill Level:** Advanced hardware integration, soldering proficiency, automotive electrical systems, FPGA development, and liquid cooling experience required. * **Software/Firmware:** Pre-validated Jetson Orin BSP, Zynq FPGA firmware for governance logic, and sensor drivers are available for integration. * **Tooling:** Standard electronics assembly tools, torque wrenches, crimping tools for automotive harnesses, 3D printer for ASA components. ## Action Items - [ ] Prepare main_enclosure for component mounting, including drilling and panel cutouts. - [ ] Install cold_plate, liquid_cooling_pump, liquid_cooling_radiator, and silicone_tubing; fill and pressure-test liquid cooling system; verify all quick_connect_fittings are leak-free. - [ ] 3D print and mount all ASA brackets: camera_module_mount_asa, safety_relay_mount_asa, power_converter_mount_asa, jetson_orin_mount_asa, gmsl2_deserializer_mount_asa, gnss_module_tray_asa, imu_smi230_mount_asa, ethernet_switch_mount_asa, power_filter_mount_asa. - [ ] Secure jetson_orin (thermal_pad_gpu to cold_plate), zynq_som_te0808 (on fpga_carrier_board, thermal_paste_fpga to cold_plate), vicor_dcdc_converter, and marvell_ethernet_switch. - [ ] Route and connect power wiring from lt8645s_power_filter and vicor_dcdc_converter to all components; establish chassis ground bond at vehicle_chassis_ground_stud. - [ ] Connect all Ethernet and GMSL2 sensor data paths: ars540_radar, os1_64_lidar, gmsl2_camera, gmsl2_deserializer, marvell_ethernet_switch. - [ ] Integrate GNSS/IMU modules (zed_f9r_gnss, zed_f9p_gnss, bosch_smi230_imu) and antennas (tallysman_tw3972_f9r/f9p). - [ ] Install qualcomm_9150_v2x, microchip_atecc608b, infineon_tpm, and pctel_v2x_antenna. - [ ] Wire governance and watchdog logic: zynq_som_te0808 ↔ zynq_watchdog_pmic (WDI_OUT→WDI_IN, nRESET_OUT→nRESET_IN); jetson_orin ↔ jetson_watchdog_pmic (WDI_OUT→WDI_IN, nRESET_OUT→nRESET_IN); all three legs → bts5016_high_side_switch → kilovac_lev200_relay. - [ ] Connect CAN-FD: zynq_som_te0808 CAN0_TX → tja1145a_can_fd_1; jetson_orin CAN0_TX → tja1145a_can_fd_2; both CANH/CANL → mil_dtl_38999_connector_panel. - [ ] Install mil_dtl_38999_connector_panel and cable_gland_ethernet for external interfaces. - [ ] Perform functional tests: power, cooling, sensor acquisition, watchdog actuation, and fail-safe relay operation per ISO 26262 validation plan. ## Fail-Safe & Failover Behavior The BLADE-AV Governance Node implements a three-leg redundant safe-state circuit. Under normal operation, `zynq_watchdog_pmic` and `jetson_watchdog_pmic` each receive a periodic heartbeat signal (`WDI_OUT → WDI_IN`) from their respective compute nodes. If either watchdog's heartbeat times out — or if `zynq_som_te0808` asserts its GPIO relay-enable low — the corresponding watchdog de-asserts its `GPIO_OUT` to `bts5016_high_side_switch`, removing the 12V coil drive from `kilovac_lev200_relay`. The relay opens, cutting all drive-by-wire authority signals at the vehicle interface. This sequence executes in hardware without firmware involvement. In the event of a Jetson AGX Orin failure specifically, the Zynq SoM continues to assert its own relay-enable independently, maintaining safe-state authority until the system is reset by a qualified operator. **Relay enable legs:** - Leg 1: `zynq_som_te0808` GPIO_A0 → `bts5016_high_side_switch` IN - Leg 2: `zynq_watchdog_pmic` GPIO_OUT → `bts5016_high_side_switch` IN (trips on Zynq heartbeat timeout) - Leg 3: `jetson_watchdog_pmic` GPIO_OUT → `bts5016_high_side_switch` IN (trips on Jetson heartbeat timeout) All three legs must be asserted high to maintain relay closure (drive-by-wire authority active). Loss of any single leg opens the relay within the watchdog timeout window. ## Assembly Key Points * **main_enclosure * all components:** Secure with M2/M3/M4/M5/M6 fasteners; use ASA 3D-printed mounts for vibration dampening in IP67 enclosure. * **jetson_orin * cold_plate:** Apply thermal_pad_gpu to GPU die; mount with jetson_orin_mount_asa using M3/M4 fasteners. * **zynq_som_te0808 * fpga_carrier_board:** Ensure secure board-to-board connector seating; apply thermal_paste_fpga for direct cold_plate thermal path. * **fpga_carrier_board * cold_plate:** Establish thermal contact; mount to main_enclosure with M3_button_head_screw. * **liquid_cooling_system:** Use quick_connect_fittings for all silicone_tubing connections to pump, radiator, and cold_plate. Pressure-test before power-on. Monitor via coolant_temp_sensor on inlet/outlet. * **lt8645s_power_filter * vehicle_chassis_ground_stud:** GND→GND chassis ground bond — critical for EMI suppression and ISO 26262 safety compliance. * **vicor_dcdc_converter * all electrical components:** Verify 19V (Jetson), 12V (relay), 5V (transceivers, V2X), 3.3V (sensors, security, watchdogs) rails per electrical connections. * **gmsl2_camera * gmsl2_deserializer * jetson_orin:** GMSL2 Coax must be fully seated; MIPI CSI-2 4-lane to Jetson secured for high-speed camera data. * **marvell_ethernet_switch * sensors/jetson_orin/zynq_som_te0808:** 100BASE-T1 (radar), 1000BASE-T (LiDAR, compute); TSN-capable configuration required. * **qualcomm_9150_v2x * pctel_v2x_antenna:** Secure SMA RF connection (RF Output→SMA) for C-V2X communication. * **kilovac_lev200_relay * bts5016_high_side_switch:** 12V Nominal / 9V Min Hold-in coil drive. Verify relay opens on all three leg failures before vehicle integration. * **Watchdog PMICs (zynq_watchdog_pmic, jetson_watchdog_pmic):** WDI_OUT→WDI_IN and nRESET_OUT→nRESET_IN wiring is critical. Both PMICs must independently drive bts5016_high_side_switch IN. * **CAN-FD Transceivers (tja1145a_can_fd_1, tja1145a_can_fd_2):** CAN0_TX from Zynq and Jetson; CANH/CANL to mil_dtl_38999_connector_panel for vehicle CAN-FD bus. * **radiator_fan * liquid_cooling_radiator:** Secure mount for airflow; PWM control via jetson_orin I2C → pwm_fan_controller. --- *BLADE-AV Governance Node — Hardware Platform v2.0* *© 2026 Burak Oktenli • Georgetown University • MPS Applied Intelligence • ORCID 0009-0001-8573-1667 • CC BY 4.0* *Authority-Governed Autonomous Systems Research • Governance Pipeline: SATA → HMAA → MAIVA → FLAME → CARA*